As part of the Commons JSON migration (kudos to all those plugging away at this thankless task), I see that some dependencies are being created directly to org.apache.sling.commons.johnzon, e.g. https://github.com/apache/sling/blob/trunk/bundles/extensions/adapter/pom.xml#L89 .
IIUC, we should really be depending upon the javax.json API, not our bundling of it. While I don't see any problems related to this right now, it seems like we could end up accidentally creating a dependency to the Johnzon implementation (or our wrapper of the Johnzon implementation). WDYT?